Trigger kernel crash during deferred namespace teardown after conntrack helper is unloaded
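#!/bin/bash
# Value that setup() writes to net.netfilter.nf_conntrack_helper in each test
# namespace. 1 enables automatic conntrack helper assignment there.
# NOTE(review): 0 presumably gives the non-crashing control run - confirm.
crash=1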
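#######################################
# Build the test topology: bridge br0 plus two network namespaces (ns1, ns2),
# each joined to the bridge through a veth pair and addressed 10.1.1.<num>/24.
# Globals:   crash (read) - written to net.netfilter.nf_conntrack_helper
# Arguments: none
# Notes:     needs root; failures of individual commands are not checked.
#######################################
setup() {
  local num netns veth

  # The FTP helper must be loaded before the FTP session is tracked.
  modprobe nf_conntrack_ftp

  brctl addbr br0
  ip link set dev br0 up

  for num in 1 2; do
    netns="ns${num}"
    veth="veth${num}"

    ip netns add "${netns}"
    # One end stays on the host and joins br0; the peer is created directly
    # inside the namespace.
    ip link add "${veth}-host" type veth peer name "${veth}-${netns}" netns "${netns}"
    ip link set dev "${veth}-host" up
    brctl addif br0 "${veth}-host"

    ip netns exec "${netns}" ip addr add dev "${veth}-${netns}" "10.1.1.${num}/24"
    ip netns exec "${netns}" ip link set dev "${veth}-${netns}" up
    # Automatic helper assignment is a per-namespace setting, so it is set
    # inside each namespace rather than on the host.
    ip netns exec "${netns}" sysctl -w "net.netfilter.nf_conntrack_helper=${crash}"
  done
}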
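#######################################
# Drive one FTP session from ns2 to a test FTP server in ns1, wait for the
# operator, then stop the server.
# Globals:   none
# Arguments: none
# Outputs:   ./ftpd.pid (server PID) and ./wget0.log (wget debug log);
#            prompts on the terminal before killing the server.
#######################################
run() {
  local ftpd_pid

  ip netns exec ns1 python ~joe/ovs/tests/test-l7.py ftp &
  ftpd_pid=$!
  # The PID file is still written for anyone inspecting the run, but the kill
  # below uses the variable so it never acts on stale or altered file content.
  printf '%s\n' "${ftpd_pid}" > ftpd.pid

  # --no-passive-ftp requests active-mode FTP; --retry-connrefused covers the
  # window before the server in ns1 is listening.
  ip netns exec ns2 wget ftp://10.1.1.1 -4 --no-passive-ftp -t 3 -T 1 \
    -o wget0.log --retry-connrefused -v --server-response --no-proxy \
    --no-remove-listing -d

  sleep 1
  echo
  # Pause so the conntrack state can be inspected before the server goes away.
  read -r -p "Ready to kill"
  kill "${ftpd_pid}"
}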
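#######################################
# Remove the bridge, veth pairs and namespaces, then unload the FTP helper.
# The statement order is the point of the reproducer: the namespaces are
# deleted while they may still hold FTP conntrack entries, and the helper
# module is removed afterwards. Do not reorder.
# Globals:   none
# Arguments: none
# Outputs:   matching conntrack entries and a notice per namespace on stdout
#######################################
teardown() {
  local num

  ip link set dev br0 down
  brctl delbr br0

  for num in 1 2; do
    # grep output is left visible on purpose: it lists the entries that still
    # reference the FTP helper in this namespace.
    if ip netns exec "ns${num}" conntrack -L | grep ftp; then
      echo "ns${num} has ftp connections, we're gonna crash!"
    fi
    ip link del "veth${num}-host"
    ip netns del "ns${num}"
  done

  # Flushes the table of the namespace this script runs in only.
  conntrack -F
  # Not cleaning up conntrack in ns1/ns2; crash races with deletion above
  modprobe -r nf_conntrack_ftp
}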
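# Build the topology, run one FTP session through the helper, then tear down
# in the order that exercises the deferred namespace cleanup.
setup
run
teardown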